<?php 
/* 
 * This file is part of TCDB. 
 * 
 * Copyright (C) 2000-2009 
 * Technology Consultant Corps 
 * Grinnell College 
 * Grinnell, IA, 50112 
 * tc@grinnell.edu 
 * 
 * TCDB is free software; you can redistribute it and/or modify 
 * it under the terms of the GNU General Public License as published by 
 * the Free Software Foundation; either version 3 of the License, or 
 * (at your option) any later version. 
 * 
 * TCDB is distributed in the hope that it will be useful, 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
 * GNU General Public License for more details. 
 * 
 * You should have received a copy of the GNU General Public License 
 * along with TCDB. If not, see <http://www.gnu.org/licenses/>. 
 * 
 
 ============================================================================= 
 
 * edit_photo.php -- Allows a normal user to view his photo, fetch it from the 
 *		     Directory, remove it, or upload a new one
 *
 *		     Allows admins to approve, remove, or fetch photos for users
 *		     (but NOT upload new photos)
 *
 *		     This script takes advantage of a lot of functions in 
 *		     scrape_photo.php; see that file for more details
 * 
 * Author: Dylan J. Sather
 * Created: 2009-07-27 
 * Last edited: 2009-07-29
 *
 * Thanks to CM Lubinski for his work on edit_photo.php since April 2008
 */ 
 
$page_title = "edit_photo.php"; 

require('init.php'); 
require('require_login.php'); 
include('header.php'); 

/** EDIT PHOTO INFO **/

if (isset($POST['action'])) {
    switch($_POST['action']) {
	
	// Fetch a photo from the Directory
	case "fetch":

	    $query = sprintf("SELECT username
			      FROM users
			      WHERE id = '%s'",
			  mysqli_real_escape_string($mysqli, $_GET['user_id']));

	    if ($result = $mysqli->query($query, MYSQLI_STORE_RESULT)) {
		if ($result->num_rows != 0) {
		    
		}
		else
		    echo "<h4>Couldn't pull info on the specified user; check your user ID</h4>\n";
		
	    }
	    else
		echo "<h4>Unable to pull user info from the DB; check the DB connection</h4>\n";		

	    break;

	// Delete user's photo from the DB
	case "delete":
	    break;

	// Send an e-mail request to the specified user to upload a photo
	case "request":
	    break;

	// The user is uploading a photo to the DB
	case "upload":
	    break;

        // The admin is removing an image from the queue (accepting/rejecting it)
	case "dequeue":
	    break;

    }
}

/** DISPLAY PHOTO INFO **/

echo "  <div class='content_box'> <!-- CONTENT div -->\n";

/* If $_GET['user_id'] isset and if the current user is an admin, we should display the 
   photo for the specified user_id; otherwise, display your own photo */

if (isset($_GET['user_id'])) {
    if ($_SESSION['is_admin']) {
	$user_id = $_GET['user_id'];

	// We also want to pull basic info on user
	$query = sprintf("SELECT username, first_name, last_name
			  FROM users
			  WHERE id = '%s'",
		      mysqli_real_escape_string($mysqli, $user_id));

	$result = $mysqli->query($query, MYSQLI_STORE_RESULT);

	// If the query failed, notify the admin; otherwise, continue
	if ($result->num_rows == 0)
	    echo "<h3>Sorry, we couldn't pull info for this user</h3>\n";
	else {
	    list($username, $first_name, $last_name) = $result->fetch_row();

	    $result->free();

	    // Fetch image
	    $query = sprintf("SELECT user_id
			      FROM images
			      WHERE user_id = '%s'",
			  mysqli_real_escape_string($mysqli, $user_id));

	    $result = $mysqli->query($query, MYSQLI_STORE_RESULT);

	    // By default, we don't have a photo
	    $photo_available = FALSE;

	    // If we get a result, show selected user's image
	    if ($result->num_rows != 0) {
		echo "<h3 class='underline'>$first_name $last_name's Current Photo</h3>
		<img src='display_image.php?id=$user_id&amp;buffer=0' alt='Image of $username' class='no_border' />\n";

		$photo_available = TRUE;
	    }
	    else
		echo "<h3>IMAGE UNAVAILABLE</h3>\n";

	    // Display photo options for admin

	    echo "<h4>You can either...</h4>
	    <form action='edit_photo.php?user_id=$user_id' method='post'>
	      <div> <!-- FORM div -->
		<input type='hidden' name='action' value='fetch' />
		<input type='submit' value=\"Fetch $first_name's Directory Photo\" /><br />
	      </div> <!-- End FORM div -->
	    </form>\n";

	    /* If we have a user photo, we can remove it; otherwise, we can e-mail the user to request an upload
	       The latter case will only occur when add_users.php failed to fetch the image from the Directory */
	    if ($photo_available) {
		echo "<h4>Or remove the current photo</h4>
		<form action='edit_photo.php?user_id=$user_id' method='post'>
		  <div> <!-- FORM div -->
		    <input type='hidden' name='action' value='delete' />
		    <input type='submit' value='Delete Photo' /><br />
		  </div> <!-- End FORM div -->
		</form>\n";
	    }
	    else {
		echo "<h4>Or e-mail $first_name to upload a photo</h4>
		<form action='edit_photo.php?user_id=$user_id' method='post'>
		  <div> <!-- FORM div -->
		    <input type='hidden' name='action' value='request' />
		    <input type='submit' value='E-mail $first_name' /><br />
		  </div> <!-- End FORM div -->
		</form>\n";
	    }
	    
	    $result->free();
	}

    }

    // Otherwise, the user is not an admin
    else
	echo "<h3>Sorry, you aren't authorized to change other users' photos</h3>\n";
}
else {
    $user_id = $_SESSION['user_id'];

    // Fetch your image
    $query = sprintf("SELECT user_id
		      FROM images
		      WHERE user_id = '%s'",
		  mysqli_real_escape_string($mysqli, $user_id));

    $result = $mysqli->query($query, MYSQLI_STORE_RESULT);

    // If we get a result, show your image
    if ($result->num_rows != 0) {
	echo "<h3 class='underline'>Your Current Photo</h3>
	<img src='display_image.php?id=$user_id&amp;buffer=0' alt='Image of you' class='no_border' />\n";
    }
    else 
	echo "<h3>IMAGE UNAVAILABLE</h3>\n";

    // Display photo options for user

    echo "<h4>You can either...</h4>
    <form action='edit_photo.php?user_id=$user_id' method='post'>
      <div> <!-- FORM div -->
	<input type='hidden' name='action' value='fetch' />
	<input type='submit' value='Fetch your Directory Photo' /><br />
      </div> <!-- End FORM div -->
    </form>

    <h4>Or upload a new photo:</h4>
    <form action='edit_photo.php?user_id=$user_id' method='post' enctype='multipart/form-data'>
      <div> <!-- FORM div -->
	<input type='hidden' name='action' value='upload' />
	<input class='big_margins' type='file' name='image' /><br />
	<input type='submit' value='Upload Photo' /><br />
	<p class='bold small_text'>Image must be less than 50KB; allowed formats are bmp, jpg, tif, gif, and png</p>
      </div> <!-- End FORM div -->
    </form>\n";

    $result->free();
}

/** DISPLAY QUEUE **/

// Display a queue for admins to approve pending photos

if ($_SESSION['is_admin']) {

    echo "<h3 class='underline'>Photos awaiting approval</h3>";

    $query = "SELECT user_id, username
	      FROM images LEFT JOIN users
	      ON images.user_id = users.id
	      WHERE picture_data_buffer IS NOT NULL";
	    
    $result = $mysqli->query($query, MYSQLI_STORE_RESULT);

    $pending_images = $result->num_rows;

    if ($pending_images > 0) {
	echo "<form method='post' action='edit_photo.php?user_id=$user_id'>
	<div> <!-- FORM div -->
	  <input type='hidden' name='action' value='dequeue'>";
	  
	while ($pending_images > 0) {
	    if ($pending_images != 0) {
		list($user_id, $username) = $result->fetch_row();
		$pending_images--;

		echo "<img src='display_image.php?id=$user_id&buffer=true'><br />
		<p class='bold small_text'>Submitted by [$username]</p>
		<span class='bold'>Accept</span>
		<input type='radio' name='$user_id' value='accept'>
		<span class='bold'>Reject</span>
		<input type='radio' name='$user_id' value='reject'>
		<span class='bold'>Wait</span>
		<input type='radio' name='$user_id' value='wait' checked='checked'><br />\n";
	    }
	}

	echo "<input class='big_margins' type='submit' value='Accept/Reject'>
	</div> <!-- End FORM div -->
      </form>\n";
    }
    else
	echo "<h4>No Pending Images</h4>";

    $result->free();

    /** DISPLAY USERS **/

    echo "<h3 class='underline'>Fetch Photo Info for [user]</h3>";

    // Pull users from the list, sorted by last name
    $query = "SELECT first_name, last_name, id
	      FROM users
	      ORDER BY last_name";

    // If the query is successful, display the list of users
    if ($result = $mysqli->query($query, MYSQLI_STORE_RESULT)) {
	echo "<form method='get' action='edit_photo.php'>
	    <div> <!-- FORM div -->
	      <select name='user_id'>\n";

	while (list($first_name, $last_name, $user_id) = $result->fetch_row()) {
	    echo "<option value='$user_id'>$first_name $last_name</option>\n";
	}

	echo "</select><br />
	      <input class='big_margins' type='submit' value='Edit Photo' />
	    </div> <!-- End FORM div -->
	  </form>\n";
    }

    else {
	echo "<p>Couldn't pull user information from the DB; check the DB connection</p>\n";
    }


}

echo "</div> <!-- End CONTENT div -->";

include('footer.php'); 

?> 
